Fedoraproject

Fedora

5353 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2013-7459

Exploit
  • EPSS 14.53%
  • Veröffentlicht 15.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.

5.5

CVE-2016-4796

  • EPSS 0.2%
  • Veröffentlicht 03.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.

5.5

CVE-2016-4797

  • EPSS 0.52%
  • Veröffentlicht 03.02.2017 16:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for ...

5.5

CVE-2016-8568

  • EPSS 0.64%
  • Veröffentlicht 03.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a cat-file command with a crafted object file.

5.5

CVE-2016-8569

  • EPSS 0.74%
  • Veröffentlicht 03.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a cat-file command with a crafted object file.

3.3

CVE-2016-9085

  • EPSS 0.11%
  • Veröffentlicht 03.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors.

7.5

CVE-2016-9108

  • EPSS 0.83%
  • Veröffentlicht 03.02.2017 15:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

5.9

CVE-2015-7977

  • EPSS 18.91%
  • Veröffentlicht 30.01.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (NULL pointer dereference) via a ntpdc reslist command.

7.5

CVE-2016-9446

  • EPSS 1.28%
  • Veröffentlicht 23.01.2017 21:59:03
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

7.8

CVE-2015-8854

  • EPSS 1.02%
  • Veröffentlicht 23.01.2017 21:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (...